truefoundry-tracing

Pass

Audited by Gen Agent Trust Hub on Apr 2, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill facilitates the installation of the truefoundry CLI and the traceloop-sdk (Python) or @traceloop/node-server-sdk (Node.js) from standard package registries (PyPI and NPM). These are official packages provided by the vendor and well-known observability providers.
  • [COMMAND_EXECUTION]: The skill uses local shell scripts (tfy-api.sh, tfy-version.sh) and standard package manager commands (pip, npm, uv) to interact with the TrueFoundry API and manage the local development environment. The API helper script includes basic safety checks to prevent path traversal.
  • [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection because it reads project configuration files (e.g., requirements.txt, package.json) to detect application types and libraries. However, the logic is limited to checking for specific library names and does not involve executing the contents of these files or parsing them in a way that could lead to unauthorized actions.
  • [SAFE]: Sensitive data such as TFY_API_KEY is handled using environment variables or .env files, which is consistent with standard development practices for authenticated API access.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 2, 2026, 10:18 PM